Test the policy

This section describe how to test your SiteMinder policy using a standard browser.

Open a web browser in private (incognito) mode to ensure no user is yet logged in.

Enter the URL to call your policy:

http://<ip address>:<port>/<path>

For example:

http://localhost:8080/siteminder_sso

Enter the login credentials. API Gateway authenticates the user against SiteMinder and returns the response along with the SiteMinder session cookie.

Refresh the browser to access the protected resource. Because the custom cookie (smcookie) is available this time, API Gateway does not prompt for credentials. Instead of re-authentication, API Gateway validates the cookie against the SiteMinder.